firewall: allow udp/123 if ntpd is available.
parent
a9e353fe37
commit
3a21bf0eae
12
firewall
12
firewall
|
@ -196,18 +196,20 @@ fw_start() {
|
||||||
# $IPT -A OUTPUT -j ACCEPT -p udp -o ${ILAN} --dport 53 -m state --state NEW -m comment --comment "DNS out udp"
|
# $IPT -A OUTPUT -j ACCEPT -p udp -o ${ILAN} --dport 53 -m state --state NEW -m comment --comment "DNS out udp"
|
||||||
# $IPT -A OUTPUT -j ACCEPT -p tcp -o ${ILAN} --dport 53 -m state --state NEW -m comment --comment "DNS out tcp"
|
# $IPT -A OUTPUT -j ACCEPT -p tcp -o ${ILAN} --dport 53 -m state --state NEW -m comment --comment "DNS out tcp"
|
||||||
|
|
||||||
if [ $(command -v dhclient) ]; then
|
if [ $(command -v dhclient) ]; then
|
||||||
#### DHCP
|
#### DHCP
|
||||||
$IPT -A OUTPUT -j ACCEPT -p udp -o ${ILAN} -s "${IPLAN}" --sport 68 -m comment --comment "DHCPREQUEST"
|
$IPT -A OUTPUT -j ACCEPT -p udp -o ${ILAN} -s "${IPLAN}" --sport 68 -m comment --comment "DHCPREQUEST"
|
||||||
fi
|
fi
|
||||||
|
|
||||||
#### HTTP (maj, ...)
|
#### HTTP (maj, ...)
|
||||||
$IPT -A OUTPUT -j ACCEPT -p tcp -o ${ILAN} --dport 80 -m state --state NEW -m comment --comment "HTTP out"
|
$IPT -A OUTPUT -j ACCEPT -p tcp -o ${ILAN} --dport 80 -m state --state NEW -m comment --comment "HTTP out"
|
||||||
$IPT -A OUTPUT -j ACCEPT -p tcp -o ${ILAN} --dport 443 -m state --state NEW -m comment --comment "HTTPS out"
|
$IPT -A OUTPUT -j ACCEPT -p tcp -o ${ILAN} --dport 443 -m state --state NEW -m comment --comment "HTTPS out"
|
||||||
|
|
||||||
# #### NTP
|
if [ $(command -v ntpd) ]; then
|
||||||
# $IPT -A OUTPUT -j ACCEPT -p udp -o ${ILAN} --dport 123 -m state --state NEW -m comment --comment "NTP"
|
#### NTP
|
||||||
#
|
$IPT -A OUTPUT -j ACCEPT -p udp -o ${ILAN} --dport 123 -m state --state NEW -m comment --comment "NTP out"
|
||||||
|
fi
|
||||||
|
|
||||||
# #### Puppet (connection, ... )
|
# #### Puppet (connection, ... )
|
||||||
# $IPT -A OUTPUT -j ACCEPT -p tcp -o "${ILAN}" --dport 8140 -m state --state NEW -m comment --comment "Puppet out"
|
# $IPT -A OUTPUT -j ACCEPT -p tcp -o "${ILAN}" --dport 8140 -m state --state NEW -m comment --comment "Puppet out"
|
||||||
#### OpenPGP HTTP key server (add key, maj, ...)
|
#### OpenPGP HTTP key server (add key, maj, ...)
|
||||||
|
|
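Review bot: The new NTP rule accepts outbound udp/123 to any destination on `${ILAN}`, and it is enabled whenever an `ntpd` binary is on PATH, whether or not the daemon is actually running. If the upstream time servers are a known set, limiting the rule with `-d "${NTP_SERVERS}"` (placeholder name, the variable would have to be defined by the script) keeps udp/123 from becoming a general egress path. The test `[ $(command -v ntpd) ]` is unquoted and fails with a `[` syntax error if the resolved path contains whitespace; `if command -v ntpd >/dev/null 2>&1; then` is the more robust form, and the same applies to the existing `dhclient` test above. fw_start's body begins and ends outside this hunk, so it cannot be confirmed from here that a matching ESTABLISHED rule accepts the replies.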